Scribd Logo
Upload

Welcome to Scribd!

  • Ethical Hacking and Cyber Security - Day Wise Course Content

    Uploaded by

    Achyut Awasthi
    17 views3 pages

    Original Title

    Ethical Hacking and Cyber Security- Day Wise Course Content

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    17 views3 pages

    Ethical Hacking and Cyber Security - Day Wise Course Content

    Uploaded by

    Achyut Awasthi

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Ethical Hacking and Cyber Security

    Day 1. Introduction
    Overview of Web Application Penetration Testing
    Why Penetration Testing
    Who are Penetration Tester
    How To start Bug Bounty hunting with Penetration Testing (Bugcrowd and Hackerone)
    How to Report Bug
    Bug Bounty Rewards

    Basic Terminology
    Web Application Penetration Testing
    Penetration testing
    Vulnerability Assessment
    Testing Approach (Manual vs Automated)
    Common Web Application Function
    Benefits of Web Application
    Web Application Security

    Day 2. Web Application Technologies


    HTTP Protocol
    HTTP Request
    HTTP Response
    HTTP Method
    HTTP Header
    HTTP Status Code
    Cookies
    GET vs POST

    Day 3. Burpsuite Manual Testing Tool


    Introduction to Burpsuite
    Installation and Configuration Burpsuite
    Proxy
    Sitemap
    Scanner
    Intruder
    Repeater
    Decoder

    Scanner and Security Tools


    Acunetix Web Vulnerability Scanner
    Nikto
    Nmap
    Hackbar
    SQLMap
    LFI Suite
    Day 4. Information Gathering
    Conduct Search Engine Discovery and Reconnaissance for Information Leakage
    Fingerprint Web Server
    Review Webserver Metafiles for Information Leakage
    Enumerate Applications on Webserver
    Review Webpage Comments and Metadata for Information Leakage
    Identify application entry points
    Map execution paths through application
    Fingerprint Web Application Framework
    Fingerprint Web Application
    Map Application Architecture

    Day 5. Configuration and Deploy Management Testing


    Test Network/Infrastructure Configuration
    Test Application Platform Configuration
    Test File Extensions Handling for Sensitive Information
    Backup and Unreferenced Files for Sensitive Information
    Enumerate Infrastructure and Application Admin Interfaces
    Test HTTP Methods
    Test HTTP Strict Transport Security
    Test RIA cross domain policy

    Day 6. Identity Management Testing


    Test Role Definitions
    Test User Registration Process
    Test Account Provisioning Process
    Testing for Account Enumeration and Guessable User Account
    Testing for Weak or unenforced username policy
    Test Permissions of Guest/Training Accounts
    Test Account Suspension/Resumption Process

    Day 7. Authentication Testing


    Testing for Credentials Transported over an Encrypted
    Channel Testing for default credentials
    Testing for Weak lock out mechanism
    Testing for bypassing authentication schema
    Test remember password functionality
    Testing for Browser cache weakness
    Testing for Weak password policy
    Testing for Weak security question/answer
    Testing for weak password change or reset functionalities
    Testing for Weaker authentication in alternative channel

    Day 8. Authorization Testing


    Testing Directory traversal/file include
    Testing for bypassing authorization schema
    Testing for Privilege Escalation
    Testing for Insecure Direct Object References
    Day 9. Session Management Testing
    Testing for Bypassing Session Management Schema
    Testing for Cookies attributes
    Testing for Session Fixation
    Testing for Exposed Session Variables
    Testing for Cross Site Request Forgery
    Testing for logout functionality
    Test Session Timeout
    Testing for Session puzzling

    Day 10. Data Validation Testing


    Testing for Reflected Cross Site Scripting
    Testing for Stored Cross Site Scripting
    Testing for HTTP Verb Tampering
    Testing for HTTP Parameter pollution
    Testing for Code Injection
    Testing for Local File Inclusion
    Testing for Remote File Inclusion
    Testing for Command Injection

    Cryptography
    Testing for Weak SSL/TSL Ciphers, Insufficient Transport Layer Protection
    Testing for Padding Oracle
    Testing for Sensitive information sent via unencrypted channels

    Day 11. Business Logic Testing


    Testing for Weak SSL/TSL Ciphers, Insufficient Transport Layer Protection
    Testing for Padding Oracle
    Testing for Sensitive information sent via unencrypted channels
    Test Number of Times a Function Can be Used Limits
    Test Upload of Unexpected File Types
    Test Upload of Malicious Files

    Day 12. Client-Side Testing


    Testing for DOM based Cross Site Scripting
    Testing for HTML Injection
    Testing for Client-Side URL Redirect
    Test Cross Origin Resource Sharing
    Testing for Clickjacking

    You might also like